[Kea-users] Multi-tenancy in Kea

Sutherland, Robert Robert.B.Sutherland at windstream.com
Wed Mar 7 20:46:59 UTC 2018


Tomek,

Thanks for taking a swing at this. You took the first steps of the road we took with the old DHCP daemon. While I might extend your efforts, this would leave me with a code-base that couldn't easily merge with any future versions of Kea.

Rob

-----Original Message-----
From: Kea-users [mailto:kea-users-bounces at lists.isc.org] On Behalf Of Tomek Mrugalski
Sent: Wednesday, March 07, 2018 8:25 AM
To: kea-users at lists.isc.org
Subject: Re: [Kea-users] Multi-tenancy in Kea

Hi Rob,

I did a little experiment. With a bit of code tweaking, I managed to force Kea to load two identical subnets that only differed in relay IP address. It started all fine and I was able to get leases in each subnet.

There's one major caveat, though. The allocation engine, the core part of the code that picks leases for new clients, can't tell the difference between them and thinks the address is used, despite it being used in the other subnet.

My subnets defined were 192.0.2.1 - 192.0.2.200. First client in the first subnet got 192.0.2.1 (as expected), but the second client in the second subnet got 192.0.2.2, not 192.0.2.1.

If your subnets are large (e.g. 10.0.0.0/8) you may not care. If they're smaller, you'll use up all addresses real quick.

To implement it properly, we would have to remove getLeases4(addr) call and implement getLeases4(addr, subnet-id) instead. There's tons of uses of getLease4(addr) throughout the whole code (around 200 instances).
This would require a MAJOR rework of Kea code and the reworked code would probably be worse than it is now. So I'm afraid it's unlikely to happen. At least in official master. I can imagine you hacking Kea code in a similar way as you did dhcpd would be somewhat realistic, if you accept that certain things will be broken.

Keep in mind that tweaking the code to allocate the leases is only the first step on this dark and twisted path. The next step that will probably not work is lease renewal. Then lease release. After that you'll face probably broken lease expiration. Commands related to leases won't work etc. You can end up with all sorts of messed up situations, like a client from one network renewing a lease from another subnet, then his lease expiring because of not being renewed.

If you really want to go that path, here's a page that described my
experiment: http://kea.isc.org/wiki/KeaMultiTenant

Tomek
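
The allocation behaviour described in the message above, as an added example that is not part of the original thread and is not Kea code: a toy lease store in which "is this address leased?" is answered either by address alone or per (address, subnet-id). All names (`LeaseStore`, `allocate`, `capacityAfter`) are hypothetical; the pool is the 192.0.2.1 - 192.0.2.200 range from the message.

```cpp
// Toy model of the lease lookup discussed above. Not Kea code: all names are hypothetical.
#include <cstdint>
#include <cstdio>
#include <set>
#include <utility>

using SubnetId = uint32_t;
using Addr = uint32_t;  // IPv4 address as a host-order integer; 0 means "none"
constexpr Addr ip(unsigned a, unsigned b, unsigned c, unsigned d) {
    return (a << 24) | (b << 16) | (c << 8) | d;
}

struct Pool { Addr first; Addr last; };

class LeaseStore {
public:
    // scoped=false: "is this address leased?" is answered by address alone.
    // scoped=true:  the same question is answered per (address, subnet-id).
    explicit LeaseStore(bool scoped) : scoped_(scoped) {}
    // Hands out the first free address in the pool, or 0 when none is left.
    Addr allocate(SubnetId subnet, const Pool& pool) {
        for (Addr a = pool.first; a <= pool.last; ++a) {
            if (leases_.insert(key(subnet, a)).second) return a;
        }
        return 0;
    }
private:
    std::pair<SubnetId, Addr> key(SubnetId subnet, Addr a) const {
        return std::make_pair(scoped_ ? subnet : SubnetId(0), a);
    }
    bool scoped_;
    std::set<std::pair<SubnetId, Addr> > leases_;
};

// Clients tenant 2 can still be served after tenant 1 took `taken` leases from an identical pool.
int capacityAfter(bool scoped, int taken, const Pool& pool) {
    LeaseStore store(scoped);
    for (int i = 0; i < taken; ++i) store.allocate(1, pool);
    int served = 0;
    while (store.allocate(2, pool) != 0) ++served;
    return served;
}

int main() {
    const Pool pool = {ip(192, 0, 2, 1), ip(192, 0, 2, 200)};
    std::printf("by address: %d, by (address, subnet-id): %d\n", capacityAfter(false, 150, pool), capacityAfter(true, 150, pool));
}
```

With the address-only lookup the two tenants share one address space, so the second tenant is left with only what the first has not taken; the model covers allocation only, not renewal, release or expiration.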